A Penetration Tester’s Guide to the Azure Cloud
(45 mins) Apostolos Mastoris — The wide adoption and the benefits of cloud computing have led many users and enterprises to move their applications and infrastructure towards the Cloud. However, the nature of the Cloud introduces new security challenges, therefore organizations are required to ensure that such hosted deployments do not expose them to additional risk. Auditing cloud services has become an essential task and, in order to carry out such assessments, familiarization with certain components of the target environments is required. This talk will provide insight into the Microsoft Azure Cloud service and present practical advice on performing security assessments on Azure-hosted deployments. More specifically, it will demystify the main components of a cloud service and dive further into Azure-specific features. The main security controls and configurations associated with each of the mainstream Azure components will also be explored. Areas that will be covered include role-based security, secure networking features, perimeter security, encryption capability, auditing, and monitoring of activities within the Azure Cloud environment. Additionally, the talk will include the demonstration of a new tool that uses the Azure PowerShell cmdlets to collect verbose information about the main components within a deployment. The tool also provides functionality to visualize the components within a network infrastructure using an interactive representation of the topology and the associations between the deployment’s components.

And yesterday I saw that Azurite (the tool) was released! So let’s take a look at how this looks when running this against one of my lab environments.

Prerequisites

Before engaging, be sure to have the following prerequisites on your system:

We’ve talked about setting up VPN connections between VNets in the past… At the end of July, VNet peering entered “preview”. This one allows you to connect two VNets within the same region without the need for a gateway.

How does this look?

So let’s look at an example with several VNets: two in West Europe and one in North Europe.

If we select one VNet (from West Europe), we’ll notice another option called “Peerings”.

Press “Add” here, and you’ll be able to link another VNet in the same region.

Up in the Clouds
